[LONG] Trouble using debmirror on Lenny (certain public keys not found)
Holger Rauch
I want to create a partial mirror for both the stable (Lenny) and
testing (Squeeze) distributions of Debian. The mirror is supposed to
contain the amd64 arch only (all binary packages of all sections).
Here's how I invoke debmirror from within a shell script:
===
debmirror -a amd64 -s all -e rsync --rsync-options "-aIL --partial --bwlimit=2048" -r :debian -h ftp2.de.debian.org \
-d lenny /debstable --nosource \
--progress
===
In the output, it complains about certain pgp keys that are not found
(I apologize for the bad formatting that happened during
copying&pasting):
===
Mirroring to /debstable from
rsync://anon...@ftp2.de.debian.org/:debian/
Arches: amd64
Dists: lenny
Sections: all
Will clean up AFTER mirroring.
Download at most 200 files per rsync call.
Pdiff mode: use.
Attempting to get lock, this might take 2 minutes before it fails.
Get Release files.
remote_get rsync dists/lenny/Release
receiving incremental file list
./
dists/lenny/Release
73845 100% 70.42MB/s 0:00:00 (xfer#1, to-check=0/4)
sent 750 bytes received 584 bytes 889.33 bytes/sec
total size is 73845 speedup is 55.36
remote_get rsync dists/lenny/Release.gpg
receiving incremental file list
dists/lenny/Release.gpg
1033 100% 1008.79kB/s 0:00:00 (xfer#1, to-check=0/4)
sent 127 bytes received 169 bytes 197.33 bytes/sec
total size is 1033 speedup is 3.49
gpgv: keyblock resource /root/.gnupg/trustedkeys.gpg':
general error
gpgv: Signature made Sa 30 Jan 2010 00:18:35 CET using RSA key ID 55BE302B
[GNUPG:] ERRSIG 9AA38DCD55BE302B 1 2 00 1264807115 9
[GNUPG:] NO_PUBKEY 9AA38DCD55BE302B
gpgv: Can't check signature: public key not found
gpgv: Signature made Sa 30 Jan 2010 00:25:01 CET using DSA key ID F42584E6
[GNUPG:] ERRSIG 4D270D06F42584E6 17 2 00 1264807501 9
[GNUPG:] NO_PUBKEY 4D270D06F42584E6
gpgv: Can't check signature: public key not found
Release signature does not verify.
Errors:
Release signature does not verify.
Failed to download some Release or Release.gpg files!
WARNING: releasing 1 pending lock...
===
So, I tried to obtain all keys like this:
===
gpg --keyring /usr/share/keyrings/debian-role-keys.gpg --export | gpg --import
gpg --keyring /usr/share/keyrings/debian-keyring.gpg --export | gpg --import
gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export | gpg --import
===
Furthermore, I tried to explicitly obtain the keys mentioned in the
error messages:
===
gpg --keyserver keyring.debian.org --recv-keys 55BE302B
gpg: requesting key 55BE302B from hkp server keyring.debian.org
gpgkeys: key 55BE302B not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg --keyserver keyring.debian.org --recv-keys F42584E6
gpg: requesting key F42584E6 from hkp server keyring.debian.org
gpgkeys: key F42584E6 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
===
===> Obviously, the keys are not found.
How am I supposed to proceed from this point?
Thanks in advance & kind regards,
Holger
Mirko Parthey
> gpgv: keyblock resource /root/.gnupg/trustedkeys.gpg':
> general error
> gpgv: Signature made Sa 30 Jan 2010 00:18:35 CET using RSA key ID 55BE302B
> [GNUPG:] ERRSIG 9AA38DCD55BE302B 1 2 00 1264807115 9
> [GNUPG:] NO_PUBKEY 9AA38DCD55BE302B
> gpgv: Can't check signature: public key not found
>
>
> So, I tried to obtain all keys like this:
>
> ===
>
> gpg --keyring /usr/share/keyrings/debian-role-keys.gpg --export | gpg --import
> gpg --keyring /usr/share/keyrings/debian-keyring.gpg --export | gpg --import
> gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export | gpg --import
>
> ===
>
> Furthermore, I tried to explicitly obtain the keys mentioned in the
> error messages:
>
> ===
>
> gpg --keyserver keyring.debian.org --recv-keys 55BE302B
> gpg: requesting key 55BE302B from hkp server keyring.debian.org
> gpgkeys: key 55BE302B not found on keyserver
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
>
> gpg --keyserver keyring.debian.org --recv-keys F42584E6
> gpg: requesting key F42584E6 from hkp server keyring.debian.org
> gpgkeys: key F42584E6 not found on keyserver
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
>
> ===
>
> ===> Obviously, the keys are not found.
>
> How am I supposed to proceed from this point?
By default, gpg stores new public keys in ~/.gnupg/pubring.gpg,
while gpgv expects them in ~/.gnupg/trustedkeys.gpg.
The following command should import keys straight into trustedkeys.gpg:
gpg --no-default-keyring --keyring trustedkeys.gpg --import
At least, that's what the debmirror(1) manpage suggests.
If you want to use the same keys for debmirror and apt,
you can simply set a symlink like this:
/home/mirror/.gnupg/trustedkeys.gpg -> /etc/apt/trusted.gpg
It may be a good idea to run debmirror under a separate
user account to avoid interference with other usage of gpg.
Regards,
Mirko
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/2010062411...@titus.informatik.tu-chemnitz.de
Holger Rauch
thanks for your suggestion. It worked. Must have been overlooking that
hint in the manpage. Sorry.
Greetings,
Holger
On Thu, 24 Jun 2010, Mirko Parthey wrote:
> [...]
> By default, gpg stores new public keys in ~/.gnupg/pubring.gpg,
> while gpgv expects them in ~/.gnupg/trustedkeys.gpg.
>
> The following command should import keys straight into trustedkeys.gpg:
> gpg --no-default-keyring --keyring trustedkeys.gpg --import
> At least, that's what the debmirror(1) manpage suggests.
> [...]